I have a user who unfortunately gave his password to another user, who in turn made a copy of his user.id file. From a security perspective, is there any way of revoking the use of that ID without changing the user name?
I deleted the user from the NAB, re-registered them and it appears that either user.id file can access the server / database.
I had thought that there was something more in the certificate to assure the user.id file was unique to the NAB. It seems like only the name and server are validated.
What you found is correct. Normally, if you have two IDs with the same name (and valid certificates) Domino will treat both as valid. The solution is to turn on the "verify public key" option on the server and create a new public key in the ID that you want to use.
See Domino Administration Help / Index / Public Keys / Lost or Stolen. This will give you full information.
Dig Deeper on Domino Resources
Related Q&A from Chuck Connell
Is it possible to encrypt a user's name before sending an email? SearchDomino.com expert Chuck Connell weighs in. Continue Reading
Learn how to change authentication timeout interval for Domino Web Access logins. Continue Reading
SearchDomino.com expert Chuck Connell provides a resource for a Lotus Notes administrator who wants to filter out email containing the word "spam," ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.